NAME

bld - A black list daemon

SYNOPSIS

bld -h | [option]

OPTIONS

-v Output version information and exit
-n Do not fork to become a daemon
-aaddress
Address to bind to
-pport
Port to listen to
-lnumber
Log verbosity (between 0 and 3)
-tnumber
Minimum time interval before blacklisting
-mnumber
Maximum submissions in time interval
-inumber
IP list size
-bnumber
Blacklist size
-enumber
Blacklist expiration
-Pfilename
Filename where to save PID
-Tnumber
Timeout for client connections
-uuser
User to run as
-ggroup
Group to run as
-ffilename
Use a specific configuration file
-Afilename
Filename where to find ACLs
-Wfilename
Filename where to find whitelist
-Bfilename
Filename where to store blacklist
-Ifilename
Filename where to store whole IP list
DESCRIPTION
By default, the bld daemon listens to requests on port 2905. Requests
are either IP addresses submissions or checks against the black list.
bld uses a very simple algorithm to decide whether to add IP addresses
to the blacklist or not. The first time an IP address is submitted, it
is added to an internal list with a timestamp and all further requests
increment a counter for this IP. As soon as the minimum time interval
is elapsed (default: 30 seconds), and if a maximum requests ratio is
reached (default: 10 submissions in the 30 seconds interval), the IP is
put in the blacklist. It is then blacklisted for a configurable time
(default: 900 seconds).

PROTOCOL

Requests sent to bld are rather simple. Each request or reply is
followed by a linefeed and a carriage return. A client may only send
one request per TCP session. As of now, two commands may be used: ip
(address submission) and ip? (ask if address is blacklisted).
ip=a.b.c.d submits an IP address. The server acknowledges either with
a 200 code if the address is not blacklisted or a 421 if it is.
ipdecr=a.b.c.d decrements the internal counter for an IP address. The
lowest value for the counter is zero. The server always acknowledges
with a 200 code.
ip?=a.b.c.d asks if address is blacklisted. The server reply may be
421 if it is or 200 if it’s not.
ipbl=a.b.c.d forces the insertion in the blacklist. The server
acknowledges with a 200 code.
If using IP based restrictions, the server reply may be 600 if the
client is not in the correct ACL to perform a request. Any other error
will generate a reply with a 500 error code.

NOTES

bld binds to localhost by default and accepts any local request, so
please make sure that only trusted users can establish a connection to
the daemon. Please check that all authorized hosts meet the minimal
security requirements before changing this parameter even if using an
access control list (see bld_acl.conf(5)).
bld will log some statistics if it receives the SIGUSR1 signal.
SIGUSR2 is used to force a dump of both lists in bld working directory.